Skip to main content

Appendix C. Relationship of JWTs to Simple Web Tokens

Simple Web Tokens (SWT) [SWT] and JSON Simple Sign (JSS) [JSS] are both predecessors of JWTs that provide similar but simpler claim representation formats.

The main differences between JWTs and SWT/JSS include:

  1. Encoding: JWTs use base64url encoding, ensuring URL safety. SWT uses a simple key-value pair format.

  2. Signing and Encryption: JWTs leverage the complete JOSE (JWS and JWE) framework, supporting multiple algorithms and encryption options. SWT only supports HMAC SHA-256 signing.

  3. Claim Format: JWTs use JSON objects to represent claims, providing greater flexibility and structured data support. SWT uses simple name=value pairs.

  4. Standardization: JWTs are IETF standards with formal specifications and registries. SWT was never standardized.

  5. Interoperability: JWTs provide better interoperability through formal standards and multiple implementations.

JWTs are designed to provide the functionality of SWT and JSS while addressing their limitations and offering a more robust and flexible solution. Many applications that once used SWT have migrated to JWTs.

Last updated on